What edition are we playing again?

Think back to when you were a kid, and the games you might have played, take a moment and think about your favorite game. If you were like the majority of us who were nerdy children who grew up to be interested in cybersecurity, you probably took part in some of the “nerdier” games, such as Magic the Gathering, Yu-gi-oh!, and everyone&#39;s favorite, Dungeons and Dragons. These games might have played an important role in how you saw yourself and played as a child. Were you a wizard summoning fireballs to decimate your enemies? Were you a ranger with your trusty animal companion? The stoic paladin who fought for justice? Regardless of what character you played, there was always that one question we asked our friends, “What edition are we playing?”

For the uninitiated, tabletop RPGs, such as Dungeons and Dragons, Pathfinder, even Star-Wars all had different editions. Each edition that came out created new and exciting rules, different character options, different worlds, and even more magical spells, think of them like expansion packs that rewrote the way the game was played. For example in the first edition of Dungeons and Dragons, there was a mechanic called THAC0 or To Hit Armor Class 0. The players of that time loved it because that was all they had As time went on THAC0 was done away with and a newly improved, some would say a simpler, way was developed to help players calculate just how armored their character was.

You may be asking what all this has to do with cybersecurity, and the answer brings us back to the age-old question asked for us tabletop RPG players: “What edition are we playing?” Some of the older set of rules we subscribe to include anti-malware appliances, password policies , and IP/Port-based network access. Cybersecurity is ever-evolving because our proverbial Dungeon Master (the bad actors) continues to throw new threats at us every day. We as cybersecurity professionals are cast into this battle, sometimes fighting with a system that uses out-dated rules, out-dated technology, and out-dated training.

The question we must ask ourselves is, “Are we still playing by first edition cybersecurity rules while the rest of the world and the bad actor dungeon masters are playing by the newest rules?” While simply having anti-malware systems in place was once enough when playing 1st edition cybersecurity, this is not the case anymore. Simply having anti-malware in place may stop some of the lower level attacks that threaten a company, however without “newer edition” tools such as threat hunting, or behavior analytics built into the anti-malware helps even the score. Such tools allow an analyst to track down where an attack originated from and become more proactive in guarding against future attacks.

Password policies are another example of the 1st edition rules that we may be playing with when it comes to cybersecurity. In the most recent NIST guidelines, password policies have undergone some changes, most notably the forced password change every month. While the NIST, as well as Microsoft, once recommended password changes every sixty or ninety days, it was found that password rotations actually caused worse and weaker passwords to be used. It was found that users would simply reuse passwords by simply adding a number or even just changing the number that the user had previously used for their password. The NIST also suggested dropping the algorithmic complexity for passwords in favor of using longer passwords or passphrases. Once again these older rules have actually shown to be a weakness as time progressed and resulted in more poor passwords being chosen.

Even though this change in password management has been suggested, how many businesses continue to play by the old rules? Finally, plans are being finalized for moving from IP/Port-based network access to workload and identity-based network access. While IP/Port-based network access was a wonderful “first edition” ruleset, now that virtual hosts are constantly changing within the landscape the days of IP/Port-based access must change quickly if cybersecurity analysts are going to defend networks against the current edition of bad-actors. These new rules of workload and identity-based network access help by offering authentication, access control , and user policy enforcement. This ensures that bad-actors can’t just plug into your network physically or bypass the RADIUS server as they could with the old 802.1X IP/Port-based security rules.

So much of today’s cybersecurity “best practices” were created during a different time, and have seemingly failed to progress. While these standards perhaps once worked, to adapt and change within the cybersecurity space is important. Having a proverbial player’s handbook with SecureNation can help any player stay up-to-date with the newest edition and give you the competitive edge that you require.